Why not test open-source software instead? It would be the same thing, except you would actually be contributing something back to the community. The whole process of setting up and configuring a server/database/application and then hacking it will result in a much greater learning experience than just doing a black-box attack on some website.